New ‘critical’ vulnerability found in cryptocurrency wallet

Correction: the original version of this story referred to the company concerned as Beam Wallet, rather than Beam Privacy. This was incorrect, and we are – of course – happy to make the correction. Apologies for the confusion, and any unhappiness caused.

Beam Privacy is a tech firm that’s allowing users o pay for goods and services using their phone. They do so via its wallet application, but a big problem with it quickly came to light.

The associated Beam cryptocurrency went live a few days’ back, with its key selling point being the use of privacy technology known as Mimeblewimble. This, in theory, means that transactions made via the service can be confidential.

However, things have not quite gone to plan. The Beam Privacy team has issued an announcement that a “critical vulnerability” has been found in the wallet. It says it discovered the vulnerability itself, and is moving fast to fix it. Here’s the Tweet where it announced the news…

CRITICAL VULNERABILITY IN BEAM WALLET

9.1.2019 20:20 GMT

Critical Vulnerability was found in Beam Wallet today.

Vulnerability was discovered by Beam Dev Team and not reported anywhere else.

Vulnerability affects all previously released Beam Wallets both Dekstop and CLI.

It went into more detail on a Github posting, where it said that all Beam users were required to stop using the wallet application and to uninstall or delete it (but crucially, not to delete the database or any wallet data). Then, to ensure the application itself has been fully deleted, and to download a fresh version of it, that’s been updated to fix the vulnerability.